sleuthkit
`sudo -g disk autopsy` not working
The snap readme recommends starting autopsy via sudo -g disk autopsy to give permission to local disks, without running the whole program as root or adding the user to disk (both of which can be seen as problematic).
However, On Fedora 37, sudo -g disk autopsy raises the following error:
Sorry, user $USER is not allowed to execute '/var/lib/snapd/snap/bin/autopsy' as $USER:disk on fedora.fritz.box.
Note, I confirmed the group is called disk via ll /dev |grep sda
brw-rw----. 1 root disk 8, 0 Sep 26 18:24 sda
brw-rw----. 1 root disk 8, 1 Sep 26 18:24 sda1
brw-rw----. 1 root disk 8, 2 Sep 26 18:24 sda2
brw-rw----. 1 root disk 8, 3 Sep 26 18:24 sda3
Is there a fix, or an alternative way to (safely) grant autopsy the relevant permissions?
I had similar issue here. This is what helped me get it running:
- Install autofs via apt-get
- assign "disk" group to local user and also root su user (not sure if assigning disk to local user is a safety risc if I am the only user of that particular pc anyway).
- Running autopsy as root as recommended by installation instructions worked at first then was broken and has never recovered by itself. I found that due to wayland used here it is not possible for root to run gui java, this is intentional. Instead, make autopsy run for local user.
- Installing later version of java jre such as v.23 vs. 17 might also help. There is an early version of a java 21 jre that is using wayland vs. X which I have installed here and so far autopsy has worked with it and I am running it as local user, not su.
not sure if assigning disk to local user is a safety risc if I am the only user of that particular pc anyway
Yes it is a safety risk. It basically means that any program you run could access (and maybe even write to) any arbitrary area of your disks, ignoring permissions, filesystem structure etc. Whether you are the only user or not is irrelevant in this regard.